加密密码的解密 [英] Decryption of Encrypted Password

问题描述

嗨..

我在数据库中使用Hash方法存储加密密码。这是可能的还是解密的方法？因为我必须将解密的密码发送到另一个TextBox ..

Hi..
I have store an encrypted password using Hash method in database. Is that possible or a way to decrypt it?Because i have to send decrypted password to another TextBox..

System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, ConfigurationManager.AppSettings("HashMethod"))

推荐答案

否。



哈希不是加密函数。

最大的区别是：加密可以逆转。哈希不能 - 这就是使用哈希算法进行密码存储的全部要点。



你永远不应该尝试在任何地方发送密码 - 只需比较哈希。如果忘记密码，请重置密码并存储新的哈希值。

No.

Hashing is not an encryption function.
The big difference is: Encrytpion can be reversed. Hashing can't - that is the whole point of using a hashing algorithm for password storage.

You should never attempt to send a password anywhere - just compare hashes. If the password gets forgotten, reset it and store the new hash value.

Aaaa！不是了！我不明白所有关于哈希（或密码）的问题的作者有什么问题。



加密哈希函数不是为了解密而设计的！



这是单向功能。反转它（按图像查找参数值）不可行。当使用加密哈希函数时，这种反转（称之为解密，无关紧要）永远不需要;恰恰相反：必需使其不可行。



请参阅：

http://en.wikipedia.org/wiki/Cryptographic_hash_function [ ^ ]。



如果您需要加密和解密，请使用加密算法。< br $> b $ b





啊，这与密码有关吗？！请彻底思考：为什么您认为身份验证或任何其他与密码相关的目的可能需要解密？它永远不需要，因为您永远不需要存储密码。这个想法非常明显：您只存储密码的哈希函数，在身份验证期间计算相同的哈希值，并将哈希值与哈希值进行比较。从不使用密码密码。这样，世界上只有一个人知道她/他自己的密码。任何人都知道这会很糟糕。这不是那么合理和简单吗？







请参阅我最近的回答：以安全的方式存储密码值int sql server [ ^ ]。







至于加密算法，使用.NET你有一个不错的选择：

http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm [ ^ ]，

http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm [ ^ ]。



对于密码，我仍然会推荐加密哈希函数，正如我已经解释的那样。



哇，

-SA

Aaaa! Not again! I don't understand what's wrong with the authors of all such questions on the hash (or passwords).

The cryptographic hash function is not designed to be "decrypted"!

This is a one-way function. Reversing it (finding argument value by image) is infeasible. When a cryptographic hash function is used, such reversing (call it "decryption", does not matter) is never needed; just the opposite: it is required to make it infeasible.

Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

If you need encryption and decryption, use encryption algorithms.



Ah, this is related to passwords?! Please think thoroughly: why do you think "decryption" could ever be needed for authentication or any other password-related purpose? It is never needed, because you never need to store a password. The idea is so obvious: you store only the hash function of a password, calculate the same hash during authentication and compare hash with hash. Never a password with password. This way, only one person in the world knows her/his own password. It would be so bad in anyone else knew. Isn't that reasonable and simple?



Please see also my recent answer: storing password value int sql server with secure way[^].



As to the encryption algorithms, with .NET you have a decent choice:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm[^],
http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm[^].

For passwords, I would still recommend cryptographic hash functions, as I already explained.

Wow,

—SA

AFAIK，你不能反转哈希字符串 - 算法的设计是不可能的。



如果你要验证密码用户输入通常的技术是将其哈希，然后将其与数据库中的哈希版本进行比较。



这是验证usered输入表的方法

Well AFAIK, you cannot reverse the hashed string - the algorithm is designed so it's impossible.

If you are verifying the password that a user entered the usual technique is to hash it and then compare it to the hashed version in the database.

This is how you could verify a usered entered table

SELECT password_field FROM mytable WHERE password_field=pwdencrypt(userEnteredValue)

这篇关于加密密码的解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！